<!DOCTYPE HTML>
<html lang="zh-CN">


<head><meta name="generator" content="Hexo 3.8.0">
    <meta charset="utf-8">
    <meta name="keywords" content="校内平台杂项, Mondayice">
    <meta name="description" content="杂项第一题一般不难下了图片拖到notepad++直接搜flag。bingo！
第二题还是图片隐写，百毒网盘连接，下载载瞅一眼老样子先拿到Stegsolve看一波，bingo！
第三题、base64，不多说了
第四题在图片下面
第五题give">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
    <meta name="renderer" content="webkit|ie-stand|ie-comp">
    <meta name="mobile-web-app-capable" content="yes">
    <meta name="format-detection" content="telephone=no">
    <meta name="apple-mobile-web-app-capable" content="yes">
    <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">
    <title>校内平台杂项 | Mondayice</title>
    <link rel="icon" type="image/png" href="/favicon.png">

    <link rel="stylesheet" type="text/css" href="/libs/awesome/css/font-awesome.min.css">
    <link rel="stylesheet" type="text/css" href="/libs/materialize/materialize.min.css">
    <link rel="stylesheet" type="text/css" href="/libs/aos/aos.css">
    <link rel="stylesheet" type="text/css" href="/libs/animate/animate.min.css">
    <link rel="stylesheet" type="text/css" href="/libs/lightGallery/css/lightgallery.min.css">
    <link rel="stylesheet" type="text/css" href="/css/matery.css">
    <link rel="stylesheet" type="text/css" href="/css/my.css">
    <style type="text/css">
        
    </style>

    <script src="/libs/jquery/jquery-2.2.0.min.js"></script>
<link rel="stylesheet" href="/css/prism-tomorrow.css" type="text/css"></head>


<body>

<header class="navbar-fixed">
    <nav id="headNav" class="bg-color nav-transparent">
        <div id="navContainer" class="nav-wrapper container">
            <div class="brand-logo">
                <a href="/" class="waves-effect waves-light">
                    
                    <img src="/medias/logo.png" class="logo-img" alt="LOGO">
                    
                    <span class="logo-span">Mondayice</span>
                </a>
            </div>
            

<a href="#" data-target="mobile-nav" class="sidenav-trigger button-collapse"><i class="fa fa-navicon"></i></a>
<ul class="right">
    
    <li class="hide-on-med-and-down">
        <a href="/" class="waves-effect waves-light">
            
            <i class="fa fa-home"></i>
            
            <span>首页</span>
        </a>
    </li>
    
    <li class="hide-on-med-and-down">
        <a href="/tags" class="waves-effect waves-light">
            
            <i class="fa fa-tags"></i>
            
            <span>标签</span>
        </a>
    </li>
    
    <li class="hide-on-med-and-down">
        <a href="/categories" class="waves-effect waves-light">
            
            <i class="fa fa-bookmark"></i>
            
            <span>分类</span>
        </a>
    </li>
    
    <li class="hide-on-med-and-down">
        <a href="/archives" class="waves-effect waves-light">
            
            <i class="fa fa-archive"></i>
            
            <span>归档</span>
        </a>
    </li>
    
    <li class="hide-on-med-and-down">
        <a href="/about" class="waves-effect waves-light">
            
            <i class="fa fa-user-circle-o"></i>
            
            <span>关于</span>
        </a>
    </li>
    
    <li class="hide-on-med-and-down">
        <a href="/friends" class="waves-effect waves-light">
            
            <i class="fa fa-address-book"></i>
            
            <span>友情链接</span>
        </a>
    </li>
    
    <li>
        <a href="#searchModal" class="modal-trigger waves-effect waves-light">
            <i id="searchIcon" class="fa fa-search" title="搜索"></i>
        </a>
    </li>
</ul>

<div id="mobile-nav" class="side-nav sidenav">

    <div class="mobile-head bg-color">
        
        <img src="/medias/logo.png" class="logo-img circle responsive-img">
        
        <div class="logo-name">Mondayice</div>
        <div class="logo-desc">
            
            白日放歌须纵酒 夜聚小北任逍遥
            
        </div>
    </div>

    

    <ul class="menu-list mobile-menu-list">
        
        <li>
            <a href="/" class="waves-effect waves-light">
                
                <i class="fa fa-fw fa-home"></i>
                
                首页
            </a>
        </li>
        
        <li>
            <a href="/tags" class="waves-effect waves-light">
                
                <i class="fa fa-fw fa-tags"></i>
                
                标签
            </a>
        </li>
        
        <li>
            <a href="/categories" class="waves-effect waves-light">
                
                <i class="fa fa-fw fa-bookmark"></i>
                
                分类
            </a>
        </li>
        
        <li>
            <a href="/archives" class="waves-effect waves-light">
                
                <i class="fa fa-fw fa-archive"></i>
                
                归档
            </a>
        </li>
        
        <li>
            <a href="/about" class="waves-effect waves-light">
                
                <i class="fa fa-fw fa-user-circle-o"></i>
                
                关于
            </a>
        </li>
        
        <li>
            <a href="/friends" class="waves-effect waves-light">
                
                <i class="fa fa-fw fa-address-book"></i>
                
                友情链接
            </a>
        </li>
        
        
        <li><div class="divider"></div></li>
        <li>
            <a href="https://github.com/blinkfox/hexo-theme-matery" class="waves-effect waves-light" target="_blank">
                <i class="fa fa-github-square fa-fw"></i>Fork Me
            </a>
        </li>
        
    </ul>
</div>

        </div>

        
            <style>
    .nav-transparent .github-corner {
        display: none !important;
    }

    .github-corner {
        position: absolute;
        z-index: 10;
        top: 0;
        right: 0;
        border: 0;
        transform: scale(1.1);
    }

    .github-corner svg {
        color: #0f9d58;
        fill: #fff;
        height: 64px;
        width: 64px;
    }

    .github-corner:hover .octo-arm {
        animation: a 0.56s ease-in-out;
    }

    .github-corner .octo-arm {
        animation: none;
    }

    @keyframes a {
        0%,
        to {
            transform: rotate(0);
        }
        20%,
        60% {
            transform: rotate(-25deg);
        }
        40%,
        80% {
            transform: rotate(10deg);
        }
    }
</style>

<a href="https://github.com/blinkfox/hexo-theme-matery" class="github-corner tooltipped hide-on-med-and-down" target="_blank" data-tooltip="Fork Me" data-position="left" data-delay="50">
    <svg viewbox="0 0 250 250" aria-hidden="true">
        <path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"/>
        <path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"/>
        <path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"/>
    </svg>
</a>
        
    </nav>

</header>





<div class="bg-cover pd-header post-cover" style="background-image: url('/medias/featureimages/0.jpg')">
    <div class="container">
        <div class="row">
            <div class="col s12 m12 l12">
                <div class="brand">
                    <div class="description center-align post-title">
                        校内平台杂项
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>



<main class="post-container content">

    
    <link rel="stylesheet" href="/libs/tocbot/tocbot.css">
<style>
    #articleContent h1::before,
    #articleContent h2::before,
    #articleContent h3::before,
    #articleContent h4::before,
    #articleContent h5::before,
    #articleContent h6::before {
        display: block;
        content: " ";
        height: 100px;
        margin-top: -100px;
        visibility: hidden;
    }

    #articleContent :focus {
        outline: none;
    }

    .toc-fixed {
        position: fixed;
        top: 64px;
    }

    .toc-widget {
        padding-left: 20px;
    }

    .toc-widget .toc-title {
        margin: 35px 0 15px 0;
        padding-left: 17px;
        font-size: 1.5rem;
        font-weight: bold;
        line-height: 1.5rem;
    }

    .toc-widget ol {
        padding: 0;
        list-style: none;
    }

    #toc-content ol {
        padding-left: 10px;
    }

    #toc-content ol li {
        padding-left: 10px;
    }

    #toc-content .toc-link:hover {
        color: #42b983;
        font-weight: 700;
        text-decoration: underline;
    }

    #toc-content .toc-link::before {
        background-color: transparent;
        max-height: 25px;
    }

    #toc-content .is-active-link {
        color: #42b983;
    }

    #toc-content .is-active-link::before {
        background-color: #42b983;
    }

    #floating-toc-btn {
        position: fixed;
        right: 20px;
        bottom: 76px;
        padding-top: 15px;
        margin-bottom: 0;
        z-index: 998;
    }

    #floating-toc-btn .btn-floating {
        width: 48px;
        height: 48px;
    }

    #floating-toc-btn .btn-floating i {
        line-height: 48px;
        font-size: 1.4rem;
    }
</style>
<div class="row">
    <div id="main-content" class="col s12 m12 l9">
        <!-- 文章内容详情 -->
<div id="artDetail">
    <div class="card">
        <div class="card-content article-info">
            <div class="row tag-cate">
                <div class="col s7">
                    
                    <div class="article-tag">
                        
                            <a href="/tags/CTF/" target="_blank">
                                <span class="chip bg-color">CTF</span>
                            </a>
                        
                    </div>
                    
                </div>
                <div class="col s5 right-align">
                    
                </div>
            </div>

            <div class="post-info">
                <div class="post-date info-break-policy">
                    <i class="fa fa-calendar-minus-o fa-fw"></i>发布日期:&nbsp;&nbsp;
                    2019-11-06
                </div>

                
				
				
                    <div id="busuanzi_container_page_pv" class="info-break-policy">
                        <i class="fa fa-eye fa-fw"></i>阅读次数:&nbsp;&nbsp;
                        <span id="busuanzi_value_page_pv"></span>
                    </div>
				
            </div>
        </div>
        <hr class="clearfix">
        <div class="card-content article-card-content">
            <div id="articleContent">
                <h1 id="杂项"><a href="#杂项" class="headerlink" title="杂项"></a>杂项</h1><h1 id="第一题"><a href="#第一题" class="headerlink" title="第一题"></a>第一题</h1><p><strong>一般不难下了图片</strong>拖到notepad++直接搜flag。bingo！<img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570934176925-5a0cb2a2-e5b9-4337-b9e7-014dfc936b3b.png#align=left&amp;display=inline&amp;height=418&amp;name=%E6%9D%82%E9%A1%B9%E7%AC%AC%E4%B8%80%E9%A2%98.PNG&amp;originHeight=836&amp;originWidth=1028&amp;search=&amp;size=100506&amp;status=done&amp;width=514" alt="杂项第一题.PNG"></p>
<h1 id="第二题"><a href="#第二题" class="headerlink" title="第二题"></a>第二题</h1><p><a href="http://211.64.240.92/challenges#%E7%AE%80%E5%8D%95%E7%9A%84%E5%9B%BE%E7%89%87%E9%9A%90%E5%86%99%E6%9C%AF" target="_blank" rel="noopener"><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570934377791-19ef120f-9f04-429f-8326-ec8b0bf4eb4c.png#align=left&amp;display=inline&amp;height=269&amp;name=%E6%9D%82%E9%A1%B9%E7%AC%AC%E4%BA%8C%E9%A2%98.PNG&amp;originHeight=537&amp;originWidth=629&amp;search=&amp;size=21511&amp;status=done&amp;width=315" alt="杂项第二题.PNG"></a><br>还是图片隐写，百毒网盘连接，下载载瞅一眼<br><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570934571451-40a06146-949d-4871-b7ac-3ee2d02919ca.png#align=left&amp;display=inline&amp;height=300&amp;name=%E7%AE%80%E5%8D%95%E7%9A%84%E9%9A%90%E5%86%99%E9%A2%98.png&amp;originHeight=600&amp;originWidth=800&amp;search=&amp;size=1356687&amp;status=done&amp;width=400" alt="简单的隐写题.png"><br><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570934719090-6fda9a9b-4d75-4331-9812-e154cbabbe64.png#align=left&amp;display=inline&amp;height=359&amp;name=yinxie.PNG&amp;originHeight=718&amp;originWidth=807&amp;search=&amp;size=162270&amp;status=done&amp;width=404" alt="yinxie.PNG"><br><strong>老样子先拿到Stegsolve看一波，bingo！</strong></p>
<h1 id="第三题、"><a href="#第三题、" class="headerlink" title="第三题、"></a><strong>第三题、</strong></h1><p><strong>base64，不多说了</strong><br><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570952017833-fa024b41-23e2-42db-b3b8-9e20a8d36df8.png#align=left&amp;display=inline&amp;height=247&amp;name=base.PNG&amp;originHeight=493&amp;originWidth=597&amp;search=&amp;size=16659&amp;status=done&amp;width=299" alt="base.PNG"></p>
<h1 id="第四题"><a href="#第四题" class="headerlink" title="第四题"></a>第四题</h1><p><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570952088793-7b1e120f-406a-4811-8d89-1ad6235132a9.png#align=left&amp;display=inline&amp;height=224&amp;name=PDF.PNG&amp;originHeight=448&amp;originWidth=567&amp;search=&amp;size=13561&amp;status=done&amp;width=284" alt="PDF.PNG"><br><strong>在图片下面</strong></p>
<h1 id="第五题"><a href="#第五题" class="headerlink" title="第五题"></a><strong>第五题</strong></h1><p><strong>give your flag</strong><br><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570952221619-3e5a47c8-36c7-4ea4-a977-cda52bd4c3f7.png#align=left&amp;display=inline&amp;height=250&amp;name=give.PNG&amp;originHeight=500&amp;originWidth=599&amp;search=&amp;size=17017&amp;status=done&amp;width=300" alt="give.PNG"><img src="https://cdn.nlark.com/yuque/0/2019/gif/518854/1570952304665-7f056053-b567-4348-9883-c6d0fabc08b0.gif#align=left&amp;display=inline&amp;height=169&amp;name=give_your_flag%20%281%29.gif&amp;originHeight=169&amp;originWidth=169&amp;search=&amp;size=331752&amp;status=done&amp;width=169" alt="give_your_flag (1).gif"><br><strong>一张gif用分割工具把gif 逐帧提取会出来一张残缺二维码用PS工具补齐定位码即可</strong></p>
<h1 id="第六题"><a href="#第六题" class="headerlink" title="第六题"></a>第六题</h1><p><strong>本题得到的一堆的黑白图片，这种过渡的一种检查方式是，黑和白表示2中信息，可以组成**</strong>01010101…<strong>**的信息流。</strong><br><strong>一共有104张黑白图片，我们可以用**</strong>getcolors()<strong><strong>这个方法来获取图片的信息。一般会返回一个元组</strong></strong><code>(count,(r,g,b))</code><strong>**。该元组第一个元素计数代表该颜色出现的次数，第二个元素表示（rgb）。</strong></p>
<pre class=" language-python"><code class="language-python"><span class="token number">0.</span>jpg <span class="token punctuation">:</span><span class="token punctuation">(</span>白色）
（<span class="token number">46656</span>，（<span class="token number">255</span>，<span class="token number">255</span>，<span class="token number">255</span>））
<span class="token number">1.</span>jpg <span class="token punctuation">:</span><span class="token punctuation">(</span>黑色）
（<span class="token number">46656</span>，（<span class="token number">12</span>，<span class="token number">12</span>，<span class="token number">0</span>））
<span class="token number">2.</span>jpg <span class="token punctuation">:</span><span class="token punctuation">(</span>黑色）
（<span class="token number">46656</span>，（<span class="token number">12</span>，<span class="token number">12</span>，<span class="token number">0</span>））
<span class="token number">3.</span>jpg <span class="token punctuation">:</span><span class="token punctuation">(</span>白色）
（<span class="token number">46656</span>，（<span class="token number">255</span>，<span class="token number">255</span>，<span class="token number">255</span>））
<span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span><span class="token punctuation">.</span>
</code></pre>
<p><strong>通过比较得出，白色图片为**</strong>(46656, (255, 255, 255))<strong><strong>，黑色图片为</strong></strong>(46656, (12, 12, 0))<strong>**，</strong></p>
<p><strong>通过该常规编写脚本：</strong></p>
<pre class=" language-python"><code class="language-python"><span class="token comment" spellcheck="true"># coding:utf-8</span>
<span class="token keyword">from</span> PIL <span class="token keyword">import</span> Image
path <span class="token operator">=</span> <span class="token string">"gif\\"</span>
save_path <span class="token operator">=</span> <span class="token string">'.\\'</span>
sumDo <span class="token operator">=</span> <span class="token string">'0b'</span>
sumNo <span class="token operator">=</span> <span class="token string">'0b'</span>
imagefile<span class="token operator">=</span><span class="token punctuation">[</span><span class="token punctuation">]</span>
<span class="token keyword">for</span> i <span class="token keyword">in</span> range<span class="token punctuation">(</span><span class="token number">104</span><span class="token punctuation">)</span><span class="token punctuation">:</span>
    imagefile<span class="token punctuation">.</span>append<span class="token punctuation">(</span>Image<span class="token punctuation">.</span>open<span class="token punctuation">(</span>path<span class="token operator">+</span>str<span class="token punctuation">(</span>i<span class="token punctuation">)</span><span class="token operator">+</span><span class="token string">'.jpg'</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
<span class="token keyword">for</span> image <span class="token keyword">in</span> imagefile<span class="token punctuation">:</span>
    <span class="token keyword">if</span> image<span class="token punctuation">.</span>getcolors<span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token punctuation">]</span><span class="token punctuation">[</span><span class="token number">1</span><span class="token punctuation">]</span><span class="token punctuation">[</span><span class="token number">0</span><span class="token punctuation">]</span> <span class="token operator">==</span> <span class="token number">12</span><span class="token punctuation">:</span>
        sumDo <span class="token operator">+=</span><span class="token string">'1'</span>
        sumNo <span class="token operator">+=</span><span class="token string">'0'</span>
    <span class="token keyword">else</span><span class="token punctuation">:</span>
        sumDo <span class="token operator">+=</span><span class="token string">'0'</span>
        sumNo <span class="token operator">+=</span><span class="token string">'1'</span>
<span class="token keyword">print</span> <span class="token punctuation">(</span>hex<span class="token punctuation">(</span>eval<span class="token punctuation">(</span>sumDo<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">[</span><span class="token number">2</span><span class="token punctuation">:</span><span class="token operator">-</span><span class="token number">1</span><span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token punctuation">.</span>decode<span class="token punctuation">(</span><span class="token string">'hex'</span><span class="token punctuation">)</span>
<span class="token keyword">print</span> <span class="token punctuation">(</span>hex<span class="token punctuation">(</span>eval<span class="token punctuation">(</span>sumNo<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">[</span><span class="token number">2</span><span class="token punctuation">:</span><span class="token operator">-</span><span class="token number">1</span><span class="token punctuation">]</span><span class="token punctuation">)</span><span class="token punctuation">.</span>decode<span class="token punctuation">(</span><span class="token string">'hex'</span><span class="token punctuation">)</span>
</code></pre>
<p><strong>因为有两种可能，所以将两种可能都打印出来。</strong></p>
<p><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570952816026-fc05fa10-8c95-4130-bd4a-1b643c3cdac7.png#align=left&amp;display=inline&amp;height=239&amp;originHeight=239&amp;originWidth=412&amp;search=&amp;size=0&amp;status=done&amp;width=412" alt></p>
<h1 id="第七题"><a href="#第七题" class="headerlink" title="第七题"></a>第七题</h1><p><strong>坤坤，鸡你太美2333333，又是图片隐写</strong></p>
<p><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570952879431-ea95a441-3f0b-4831-8a88-83b264591d5a.png#align=left&amp;display=inline&amp;height=230&amp;name=%E5%9D%A4%E5%9D%A4.PNG&amp;originHeight=460&amp;originWidth=541&amp;search=&amp;size=11853&amp;status=done&amp;width=271" alt="坤坤.PNG"><strong>下载后得到一个文件明显改成RAR压缩包得到一张bmp图片</strong><br><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570953615984-2714ebb3-2a4b-4a4a-a0f1-0180cd5a16d3.png#align=left&amp;display=inline&amp;height=335&amp;name=%E6%84%81%E5%95%A5.PNG&amp;originHeight=335&amp;originWidth=797&amp;search=&amp;size=211677&amp;status=done&amp;width=797" alt="愁啥.PNG"><br><strong>flag就在其中</strong><br>**</p>
<h1 id="第八题"><a href="#第八题" class="headerlink" title="第八题"></a>第八题</h1><p><strong>24字箴言是什么来着？</strong><br><strong>
</strong><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570954248293-f922337b-4c2f-42b1-9180-eb03b5a0fdad.png#align=left&amp;display=inline&amp;height=219&amp;name=24w.png&amp;originHeight=219&amp;originWidth=605&amp;search=&amp;size=278544&amp;status=done&amp;width=605" alt="24w.png"><strong><br>[</strong>解码地址<strong>](<a href="http://ctf.ssleye.com/cvencode.html)[" target="_blank" rel="noopener">http://ctf.ssleye.com/cvencode.html)[</a></strong><a href="http://ctf.ssleye.com/cvencode.html**](http://ctf.ssleye.com/cvencode.html)" target="_blank" rel="noopener">http://ctf.ssleye.com/cvencode.html**](http://ctf.ssleye.com/cvencode.html)</a></p>
<p><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570954396476-2d0cab6e-b4c7-43ec-ad03-62393cdb5a29.png#align=left&amp;display=inline&amp;height=368&amp;name=23w.PNG&amp;originHeight=368&amp;originWidth=797&amp;search=&amp;size=11483&amp;status=done&amp;width=797" alt="23w.PNG"><br><strong>出来是一个Code Values，怎么看都不像Flag，把图片放Binwalk 跑一下</strong><br><strong>出来一个文件夹，里面有一个压缩包解压有密码，嘿嘿。胜利在望，解压又一张图片</strong><br><strong>emmmm，，，下面又一个二维码，扫之。bingo。</strong><br><strong><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570954650072-cf1241dc-6079-4d9d-8d32-58bd9154ae32.png#align=left&amp;display=inline&amp;height=196&amp;name=24bin.PNG&amp;originHeight=196&amp;originWidth=1429&amp;search=&amp;size=142543&amp;status=done&amp;width=1429" alt="24bin.PNG"><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570954734735-9cca6838-08e7-4f49-b468-a5d2ccf53c69.png#align=left&amp;display=inline&amp;height=293&amp;name=%E5%AF%86%E7%A0%81.PNG&amp;originHeight=586&amp;originWidth=600&amp;search=&amp;size=38243&amp;status=done&amp;width=300" alt="密码.PNG"><img src="https://cdn.nlark.com/yuque/0/2019/jpeg/518854/1570954905039-db9e0483-124e-439c-8600-c24cf2efef8c.jpeg#align=left&amp;display=inline&amp;height=293&amp;name=24c.jpg&amp;originHeight=1031&amp;originWidth=800&amp;search=&amp;size=279883&amp;status=done&amp;width=227" alt="24c.jpg"><img src="https://cdn.nlark.com/yuque/0/2019/jpeg/518854/1570955165135-9dfb458f-f871-40b1-9385-14c0954eef2c.jpeg#align=left&amp;display=inline&amp;height=106&amp;name=419759572230913713.jpg&amp;originHeight=106&amp;originWidth=111&amp;search=&amp;size=12511&amp;status=done&amp;width=111" alt="419759572230913713.jpg"></strong></p>
<h1 id="第九题"><a href="#第九题" class="headerlink" title="第九题"></a>第九题</h1><p><strong>misc1</strong></p>
<p><strong>链接：<a href="https://pan.baidu.com/s/1lLZ4wWbhxmCEjD-U20mZoQ" target="_blank" rel="noopener">https://pan.baidu.com/s/1lLZ4wWbhxmCEjD-U20mZoQ</a> 提取码：kmjw</strong><br><strong>
</strong>只要你懂得的SQL注入的盲注就能解决这道题<strong>
</strong><br><strong>emmm，，杂项加盲注。。有点意思</strong></p>
<p><strong>下载得到misc.pcapng文件。打开wireshark，既然是盲注过滤HTTP流量，导出得到一大批文件。看文件名。果然盲注。</strong><br><strong><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570955590794-1ebc4922-244a-41cb-9b15-b6ea1dda0511.png#align=left&amp;display=inline&amp;height=375&amp;name=wire.PNG&amp;originHeight=819&amp;originWidth=1629&amp;search=&amp;size=141908&amp;status=done&amp;width=746" alt="wire.PNG"></strong><br><strong>盲注成功返回文件的大小明显不同，这里再提取518的文件</strong><br><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570955722237-8c53909b-36f8-408f-9e53-6b7cafc39525.png#align=left&amp;display=inline&amp;height=794&amp;name=%E6%88%91%E7%83%AD.PNG&amp;originHeight=794&amp;originWidth=1039&amp;search=&amp;size=312805&amp;status=done&amp;width=1039" alt="我热.PNG"><br><strong>然后通过GitShell用ls -l 保存所有文件名和文件大小到一个文件中</strong><br><strong>再通过脚本来筛选</strong><br><strong>逐行读取，通过空格分组</strong><br><strong>以substr的第2个参数为key，等号后面的值为value，保存</strong><br><strong>最后按key排序输出即可得到flag</strong><br><strong><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570957307875-2ad265ca-5208-4189-bf78-e7bae194e4fd.png#align=left&amp;display=inline&amp;height=286&amp;name=%E6%8D%95%E8%8E%B7.PNG&amp;originHeight=286&amp;originWidth=272&amp;search=&amp;size=2832&amp;status=done&amp;width=272" alt="捕获.PNG"></strong></p>
<h1 id="第十题"><a href="#第十题" class="headerlink" title="第十题"></a>第十题</h1><p><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570957388154-25477f99-f278-4a08-8af0-3936d9f1b787.png#align=left&amp;display=inline&amp;height=244&amp;name=%E4%BD%A0%E7%9E%85%E5%95%A5.PNG&amp;originHeight=448&amp;originWidth=512&amp;search=&amp;size=11917&amp;status=done&amp;width=279" alt="你瞅啥.PNG"><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570957574379-cd08753d-5fc8-458a-a4cf-22eb985e06f0.png#align=left&amp;display=inline&amp;height=369&amp;name=rabbit.png&amp;originHeight=900&amp;originWidth=1118&amp;search=&amp;size=641537&amp;status=done&amp;width=459" alt="rabbit.png"><br><strong>就瞅你了</strong><br><strong>先放到**</strong>Stegsolve.jar扫一下。没看出啥来。，Binwalk安排上。**</p>
<p><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570958055013-c3853f29-d513-49e5-a071-3c20fa9d46e6.png#align=left&amp;display=inline&amp;height=643&amp;name=rara.PNG&amp;originHeight=643&amp;originWidth=1280&amp;search=&amp;size=43817&amp;status=done&amp;width=1280" alt="rara.PNG"><br><strong>emmm，出来个压缩包和flag.docx！！！然鹅。。里面并没有文档flag。出题人出来受死。</strong><br><strong>转到压缩包。有密码。。。。。爆破。。。。没成功。</strong><br><strong>现在就一张图片。一个文档。。文档没啥，，那就图片，开搞。题目说瞅啥，，愁啥。。。那兔子向下看，难不成。。winhex怼上去。修改图片高度bingo！！！</strong><br><strong><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570959034222-b2ddcdc1-8165-40cc-8733-2ccbe04451bf.png#align=left&amp;display=inline&amp;height=382&amp;name=up.PNG&amp;originHeight=763&amp;originWidth=803&amp;search=&amp;size=1128473&amp;status=done&amp;width=402" alt="up.PNG"></strong><br><strong>解压压缩包又得到一个flag.docx，显示隐藏字符得到flag</strong><br><strong><img src="https://cdn.nlark.com/yuque/0/2019/png/518854/1570959239965-e1082ff8-6410-442b-859a-da4662df9f7f.png#align=left&amp;display=inline&amp;height=510&amp;name=234178269875.PNG&amp;originHeight=510&amp;originWidth=1366&amp;search=&amp;size=37657&amp;status=done&amp;width=1366" alt="234178269875.PNG"></strong><br><strong>
</strong><br><strong>至此杂项结束！</strong></p>

            </div>
            <hr>

            
            <style>
    #reward {
        margin: 40px 0;
        text-align: center;
    }

    #reward .reward-link {
        font-size: 1.88rem;
    }

    #reward .btn-floating:hover {
        box-shadow: 0 6px 12px rgba(0, 0, 0, 0.2), 0 5px 15px rgba(0, 0, 0, 0.2);
    }

    #rewardModal {
        width: 320px;
        height: 350px;
    }

    #rewardModal .reward-title {
        margin: 15px auto;
        padding-bottom: 5px;
    }

    #rewardModal .modal-content {
        padding: 10px;
    }

    #rewardModal .close {
        position: absolute;
        right: 15px;
        top: 15px;
        color: rgba(0, 0, 0, 0.5);
        font-size: 1.3rem;
        line-height: 20px;
        cursor: pointer;
    }

    #rewardModal .close:hover {
        color: #ef5350;
        transform: scale(1.3);
        -moz-transform:scale(1.3);
        -webkit-transform:scale(1.3);
        -o-transform:scale(1.3);
    }

    #rewardModal .reward-tabs {
        margin: 0 auto;
        width: 210px;
    }

    .reward-tabs .tabs {
        height: 38px;
        margin: 10px auto;
        padding-left: 0;
    }

    .reward-content ul {
        padding-left: 0 !important;
    }

    .reward-tabs .tabs .tab {
        height: 38px;
        line-height: 38px;
    }

    .reward-tabs .tab a {
        color: #fff;
        background-color: #ccc;
    }

    .reward-tabs .tab a:hover {
        background-color: #ccc;
        color: #fff;
    }

    .reward-tabs .wechat-tab .active {
        color: #fff !important;
        background-color: #22AB38 !important;
    }

    .reward-tabs .alipay-tab .active {
        color: #fff !important;
        background-color: #019FE8 !important;
    }

    .reward-tabs .reward-img {
        width: 210px;
        height: 210px;
    }
</style>

<div id="reward">
    <a href="#rewardModal" class="reward-link modal-trigger btn-floating btn-large waves-effect waves-light red">赏</a>

    <!-- Modal Structure -->
    <div id="rewardModal" class="modal">
        <div class="modal-content">
            <a class="close modal-close"><i class="fa fa-close"></i></a>
            <h4 class="reward-title">你的赏识是我前进的动力</h4>
            <div class="reward-content">
                <div class="reward-tabs">
                    <ul class="tabs row">
                        <li class="tab col s6 alipay-tab waves-effect waves-light"><a href="#alipay">支付宝</a></li>
                        <li class="tab col s6 wechat-tab waves-effect waves-light"><a href="#wechat">微 信</a></li>
                    </ul>
                    <div id="alipay">
                        <img src="/medias/reward/alipay.jpg" class="reward-img" alt="支付宝打赏二维码">
                    </div>
                    <div id="wechat">
                        <img src="/medias/reward/wechat.png" class="reward-img" alt="微信打赏二维码">
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

<script>
    $(function () {
        $('.tabs').tabs();
    });
</script>
            

            <link rel="stylesheet" type="text/css" href="/libs/share/css/share.min.css">

<div id="article-share">
    
    <div class="social-share" data-disabled="qzone" data-wechat-qrcode-helper="<p>微信里点“发现”->“扫一扫”二维码便可查看分享。</p>"></div>
    
</div>

<script src="/libs/share/js/social-share.min.js"></script>

            

    <div class="reprint" id="reprint-statement">
        <p class="reprint-tip">
            <i class="fa fa-exclamation-triangle"></i>&nbsp;&nbsp;
            <span>转载规则</span>
        </p>
        
            <div class="center-align">
                <a rel="license" href="https://creativecommons.org/licenses/by/4.0/deed.zh">
                    <img alt style="border-width:0" src="https://i.creativecommons.org/l/by/4.0/88x31.png">
                </a>
            </div>
            <br>
            <span xmlns:dct="http://purl.org/dc/terms/" href="http://purl.org/dc/dcmitype/Text" property="dct:title" rel="dct:type">
                    《校内平台杂项》
                </span> 由
            <a xmlns:cc="http://creativecommons.org/ns#" href="/2019/11/06/校内练习平台杂项/" property="cc:attributionName" rel="cc:attributionURL">
                Mondayice
            </a> 采用
            <a rel="license" href="https://creativecommons.org/licenses/by/4.0/deed.zh">
                知识共享署名 4.0 国际许可协议
            </a>进行许可。
        
    </div>

    <script async defer>
      document.addEventListener("copy", function (e) {
        let toastHTML = '<span>复制成功，请遵循本文的转载规则</span><button class="btn-flat toast-action" onclick="navToReprintStatement()" style="font-size: smaller">查看</a>';
        M.toast({html: toastHTML})
      });

      function navToReprintStatement() {
        $("html, body").animate({scrollTop: $("#reprint-statement").offset().top - 80}, 800);
      }
    </script>


        </div>
    </div>

    

    

    

    

    

    

<article id="prenext-posts" class="prev-next articles">
    <div class="row article-row">
        
        <div class="article col s12 m6 overflow-policy" data-aos="fade-up">
            <div class="article-badge left-badge text-color">
                <i class="fa fa-dot-circle-o"></i>&nbsp;本篇
            </div>
            <div class="card">
                <a href="/2019/11/06/校内练习平台杂项/">
                    <div class="card-image">
                        
                        
                        <img src="/medias/featureimages/0.jpg" class="responsive-img" alt="校内平台杂项">
                        
                        <span class="card-title">校内平台杂项</span>
                    </div>
                </a>
                <div class="card-content article-content">
                    <div class="summary block-with-text">
                        
                            杂项第一题一般不难下了图片拖到notepad++直接搜flag。bingo！
第二题还是图片隐写，百毒网盘连接，下载载瞅一眼老样子先拿到Stegsolve看一波，bingo！
第三题、base64，不多说了
第四题在图片下面
第五题give
                        
                    </div>
                    <div class="publish-info">
                            <span class="publish-date">
                                <i class="fa fa-clock-o fa-fw icon-date"></i>2019-11-06
                            </span>
                        <span class="publish-author">
                            
                            <i class="fa fa-user fa-fw"></i>
                            Mondayice
                            
                        </span>
                    </div>
                </div>

                
                <div class="card-action article-tags">
                    
                    <a href="/tags/CTF/" target="_blank">
                        <span class="chip bg-color">CTF</span>
                    </a>
                    
                </div>
                
            </div>
        </div>
        
        
        <div class="article col s12 m6 overflow-policy" data-aos="fade-up">
            <div class="article-badge right-badge text-color">
                下一篇&nbsp;<i class="fa fa-chevron-right"></i>
            </div>
            <div class="card">
                <a href="/2019/05/23/Write-up_cn/">
                    <div class="card-image">
                        
                        <img src="http://yanxuan.nosdn.127.net/83e01713bb4c086dae07364f238190b1.jpg" class="responsive-img" alt="RNote">
                        
                        <span class="card-title">RNote</span>
                    </div>
                </a>
                <div class="card-content article-content">
                    <div class="summary block-with-text">
                        
                            RCTF-2017: RNote【原理】off-by-one, fastbin_dup
【目的】了解基础堆知识，懂得堆溢出漏洞的利用
【环境】Linux
【工具】gdb(装有peda)，IDA，python，pwntools
【步骤】首先查
                        
                    </div>
                    <div class="publish-info">
                            <span class="publish-date">
                                <i class="fa fa-clock-o fa-fw icon-date"></i>2019-05-23
                            </span>
                        <span class="publish-author">
                            
                            <i class="fa fa-user fa-fw"></i>
                            Mondayice
                            
                        </span>
                    </div>
                </div>
                
                <div class="card-action article-tags">
                    
                    <a href="/tags/CTF/" target="_blank">
                        <span class="chip bg-color">CTF</span>
                    </a>
                    
                </div>
                
            </div>
        </div>
        
    </div>
</article>
</div>



    </div>
    <div id="toc-aside" class="expanded col l3 hide-on-med-and-down">
        <div class="toc-widget">
            <div class="toc-title"><i class="fa fa-list-alt"></i>&nbsp;&nbsp;目录</div>
            <div id="toc-content"></div>
        </div>
    </div>
</div>

<!-- TOC 悬浮按钮. -->

<div id="floating-toc-btn" class="hide-on-med-and-down">
    <a class="btn-floating btn-large bg-color">
        <i class="fa fa-list"></i>
    </a>
</div>


<script src="/libs/tocbot/tocbot.min.js"></script>
<script>
    $(function () {
        tocbot.init({
            tocSelector: '#toc-content',
            contentSelector: '#articleContent',
            headingsOffset: -($(window).height() * 0.4 - 45),
            // headingsOffset: -205,
            headingSelector: 'h2, h3, h4'
        });

        // modify the toc link href to support Chinese.
        let i = 0;
        let tocHeading = 'toc-heading-';
        $('#toc-content a').each(function () {
            $(this).attr('href', '#' + tocHeading + (++i));
        });

        // modify the heading title id to support Chinese.
        i = 0;
        $('#articleContent').children('h2, h3, h4').each(function () {
            $(this).attr('id', tocHeading + (++i));
        });

        // Set scroll toc fixed.
        let tocHeight = parseInt($(window).height() * 0.4 - 64);
        let $tocWidget = $('.toc-widget');
        $(window).scroll(function () {
            let scroll = $(window).scrollTop();
            /* add post toc fixed. */
            if (scroll > tocHeight) {
                $tocWidget.addClass('toc-fixed');
            } else {
                $tocWidget.removeClass('toc-fixed');
            }
        });

        
        /* 修复文章卡片 div 的宽度. */
        let fixPostCardWidth = function (srcId, targetId) {
            let srcDiv = $('#' + srcId);
            if (srcDiv.length === 0) {
                return;
            }

            let w = srcDiv.width();
            if (w >= 450) {
                w = w + 21;
            } else if (w >= 350 && w < 450) {
                w = w + 18;
            } else if (w >= 300 && w < 350) {
                w = w + 16;
            } else {
                w = w + 14;
            }
            $('#' + targetId).width(w);
        };

        // 切换TOC目录展开收缩的相关操作.
        const expandedClass = 'expanded';
        let $tocAside = $('#toc-aside');
        let $mainContent = $('#main-content');
        $('#floating-toc-btn .btn-floating').click(function () {
            if ($tocAside.hasClass(expandedClass)) {
                $tocAside.removeClass(expandedClass).slideUp(500);
                $mainContent.removeClass('l9');
            } else {
                $tocAside.addClass(expandedClass).slideDown(500);
                $mainContent.addClass('l9');
            }
            fixPostCardWidth('artDetail', 'prenext-posts');
        });
        
    });
</script>
    

</main>


<footer class="page-footer bg-color">
    <div class="container row center-align">
        <div class="col s12 m8 l8 copy-right">
            本站由&copy;<a href="https://mondayice.github.io/" target="_blank">Mondayice</a>基于
            <a href="https://hexo.io/" target="_blank">Hexo</a>搭建.

            

            
			
                <br>
                
                <span id="busuanzi_container_site_pv">
                    <i class="fa fa-heart-o"></i>
                    本站总访问量 <span id="busuanzi_value_site_pv" class="white-color"></span>
                </span>
                
                
                <span id="busuanzi_container_site_uv">
                    <i class="fa fa-users"></i>
                    次,&nbsp;访客数 <span id="busuanzi_value_site_uv" class="white-color"></span> 人.
                </span>
                
            
        </div>
        <div class="col s12 m4 l4 social-link social-statis">
    <a href="https://github.com/mondayice?tab=repositories" class="tooltipped" target="_blank" data-tooltip="访问我的GitHub" data-position="top" data-delay="50">
        <i class="fa fa-github"></i>
    </a>



    <a href="mailto:2796751552@qq.com" class="tooltipped" target="_blank" data-tooltip="邮件联系我" data-position="top" data-delay="50">
        <i class="fa fa-envelope-open"></i>
    </a>



    <a href="tencent://AddContact/?fromId=50&fromSubId=1&subcmd=all&uin=2796751552" class="tooltipped" data-tooltip="QQ联系我: 2796751552" data-position="top" data-delay="50">
        <i class="fa fa-qq"></i>
    </a>


</div>
    </div>
</footer>

<div class="progress-bar"></div>
<!--

的
            <a href="https://github.com/blinkfox/hexo-theme-matery" target="_blank">hexo-theme-matery</a>主题

-->

<!-- 搜索遮罩框 -->
<div id="searchModal" class="modal">
    <div class="modal-content">
        <div class="search-header">
            <span class="title"><i class="fa fa-search"></i>&nbsp;&nbsp;搜索</span>
            <input type="search" id="searchInput" name="s" placeholder="请输入搜索的关键字" class="search-input">
        </div>
        <div id="searchResult"></div>
    </div>
</div>

<script src="/js/search.js"></script>
<script type="text/javascript">
$(function () {
    searchFunc("/" + "search.xml", 'searchInput', 'searchResult');
});
</script>
<!-- 回到顶部按钮 -->
<div id="backTop" class="top-scroll">
    <a class="btn-floating btn-large waves-effect waves-light" href="#!">
        <i class="fa fa-angle-up"></i>
    </a>
</div>


<script src="/libs/materialize/materialize.min.js"></script>
<script src="/libs/masonry/masonry.pkgd.min.js"></script>
<script src="/libs/aos/aos.js"></script>
<script src="/libs/scrollprogress/scrollProgress.min.js"></script>
<script src="/libs/lightGallery/js/lightgallery-all.min.js"></script>
<script src="/js/matery.js"></script>

<!-- Global site tag (gtag.js) - Google Analytics -->



    <script src="/libs/others/clicklove.js"></script>


    <script async src="/libs/others/busuanzi.pure.mini.js"></script>


</body>
</html>